platform_system_sepolicy/ioctl_macros
Jeff Vander Stoep c4a93a6cdd add SIOCGIFINDEX to list of unprivileged socket ioctls
Addresses
avc: denied { ioctl } for path="socket:[69748]" dev="sockfs" ino=69748
ioctlcmd=8933 scontext=u:r:untrusted_app:s0:c512,c768
tcontext=u:r:untrusted_app:s0:c512,c768 tclass=udp_socket

Change-Id: Iee3821ade9dc044fa03705902923ed18c91425dd
2016-01-08 13:41:05 -08:00


# unpriv_sock_ioctls: socket ioctls allowed to unprivileged apps.
# Expands to a brace-delimited set of ioctl command names. The set is mostly
# read-only queries, and no name listed here also appears in priv_sock_ioctls.
# NOTE(review): this file only defines the set. Which domains and socket
# classes are granted it is decided by the rules that reference the macro,
# which are not visible here - audit those together with this list.
define(`unpriv_sock_ioctls', `
{
# Socket ioctls for gathering information about the interface
# All of these are SIOCGIF get requests. SIOCGIFINDEX is command 0x8933 which
# is the value an avc denial prints as ioctlcmd=8933.
SIOCGIFNAME SIOCGIFCONF SIOCGIFFLAGS SIOCGIFADDR SIOCGIFBRDADDR
SIOCGIFNETMASK SIOCGIFMTU SIOCGIFINDEX SIOCGIFCOUNT SIOCGIFTXQLEN
# Wireless extension ioctls. Primarily get functions.
# NOTE(review): SIOCSIWTHRSPY is the only SIOCSIW set request in this list -
# confirm it is meant to be reachable by unprivileged apps.
SIOCGIWNAME SIOCGIWFREQ SIOCGIWMODE SIOCGIWSENS SIOCGIWRANGE SIOCGIWPRIV
SIOCGIWSTATS SIOCGIWSPY SIOCSIWTHRSPY SIOCGIWTHRSPY SIOCGIWRATE SIOCGIWRTS
SIOCGIWFRAG SIOCGIWTXPOW SIOCGIWRETRY SIOCGIWPOWER
# commonly used TTY ioctls
# TIOCOUTQ reports how much data is still unsent in the output queue and
# FIOCLEX sets close-on-exec on the descriptor.
TIOCOUTQ FIOCLEX
}')
# priv_sock_ioctls: socket ioctls never allowed to unprivileged apps.
# Expands to a brace-delimited set of ioctl command names and FIRST-LAST
# ranges. Besides SIOCS* set requests it holds several get requests, for
# example SIOCGIFHWADDR, SIOCGIWAP, SIOCGIWSCAN and SIOCGIWESSID.
# NOTE(review): presumably those get requests are kept privileged because they
# reveal hardware addresses or nearby wireless networks - confirm against the
# rules that use this macro, which are not part of this file.
# NOTE(review): a command that appears in neither macro is not classified by
# this file at all; how such commands are treated depends on the rules that
# reference the two sets.
define(`priv_sock_ioctls', `
{
# qualcomm rmnet ioctls
WAN_IOC_ADD_FLT_RULE WAN_IOC_ADD_FLT_INDEX
# socket ioctls
# Covers route changes and interface reconfiguration as well as ARP and RARP
# tables plus VLAN and bonding and bridge management.
SIOCADDRT SIOCDELRT SIOCRTMSG SIOCSIFLINK SIOCSIFFLAGS SIOCSIFADDR SIOCGIFDSTADDR
SIOCSIFDSTADDR SIOCSIFBRDADDR SIOCSIFNETMASK SIOCGIFMETRIC SIOCSIFMETRIC SIOCGIFMEM
SIOCSIFMEM SIOCSIFMTU SIOCSIFNAME SIOCSIFHWADDR SIOCGIFENCAP SIOCSIFENCAP
SIOCGIFHWADDR SIOCGIFSLAVE SIOCSIFSLAVE SIOCADDMULTI SIOCDELMULTI
SIOCSIFPFLAGS SIOCGIFPFLAGS SIOCDIFADDR SIOCSIFHWBROADCAST SIOCGIFBR SIOCSIFBR
SIOCSIFTXQLEN SIOCETHTOOL SIOCGMIIPHY SIOCGMIIREG SIOCSMIIREG SIOCWANDEV
SIOCOUTQNSD SIOCDARP SIOCGARP SIOCSARP SIOCDRARP SIOCGRARP SIOCSRARP SIOCGIFMAP
SIOCSIFMAP SIOCADDDLCI SIOCDELDLCI SIOCGIFVLAN SIOCSIFVLAN SIOCBONDENSLAVE
SIOCBONDRELEASE SIOCBONDSETHWADDR SIOCBONDSLAVEINFOQUERY SIOCBONDINFOQUERY
SIOCBONDCHANGEACTIVE SIOCBRADDBR SIOCBRDELBR SIOCBRADDIF SIOCBRDELIF SIOCSHWTSTAMP
# device and protocol specific ioctls
# Written as FIRST-LAST ranges so every command number in between is covered.
SIOCDEVPRIVATE-SIOCDEVPRIVLAST
SIOCPROTOPRIVATE-SIOCPROTOPRIVLAST
# Wireless extension ioctls
# Mostly SIOCSIW set requests. The SIOCGIW get requests kept here are the
# access point and scan and ESSID and nickname and encode and genie and auth
# queries.
SIOCSIWCOMMIT SIOCSIWNWID SIOCSIWFREQ SIOCSIWMODE SIOCSIWSENS SIOCSIWRANGE
SIOCSIWPRIV SIOCSIWSTATS SIOCSIWSPY SIOCSIWAP SIOCGIWAP SIOCSIWMLME SIOCGIWAPLIST
SIOCSIWSCAN SIOCGIWSCAN SIOCSIWESSID SIOCGIWESSID SIOCSIWNICKN SIOCGIWNICKN
SIOCSIWRATE SIOCSIWRTS SIOCSIWFRAG SIOCSIWTXPOW SIOCSIWRETRY SIOCSIWENCODE
SIOCGIWENCODE SIOCSIWPOWER SIOCSIWGENIE SIOCGIWGENIE SIOCSIWAUTH SIOCGIWAUTH
SIOCSIWENCODEEXT SIOCGIWENCODEEXT SIOCSIWPMKSA
# Dev private ioctl i.e. hardware specific ioctls
# Also a FIRST-LAST range. The meaning of each command in it is defined by the
# individual wireless driver.
SIOCIWFIRSTPRIV-SIOCIWLASTPRIV
}')